redline | 1548a38bc14922ae92257d4e07a857f436ca00d449ef93e30121be2281093894[.]zip

General

Target

1548a38bc14922ae92257d4e07a857f436ca00d449ef93e30121be2281093894.zip
Size

51KB
MD5

b41f2dbfb9e1bb8935b26435f207b879
SHA1

e4b3d12a2a9e6b47a1ac0b1855d764db8a6a9c56
SHA256

31fb08353d2db2e26ab9e06429e1ee9c203a7ce04ef0aeff6446a391e59b592f
SHA512

35ea224dba1565730a8b60083590493799214f4a535271003b548728493f6706d9e74d6e04667ccb458402e317d58583bbe64b493761ba22a43c4d698d24af44
SSDEEP

1536:YouPTlWk9khAqTlF+wBqIKnRF/crbTIxY:Y3PJWkq5JF+wIL0rbGY

Score

10^/10

nado redline

Family

redline

Botnet

nado

C2

176.113.115.145:4125

Attributes

1548a38bc14922ae92257d4e07a857f436ca00d449ef93e30121be2281093894.zip
.zip

Password: infected
1548a38bc14922ae92257d4e07a857f436ca00d449ef93e30121be2281093894
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ